Andy Polyakov
96b0f6c16d
Various minor updates to AES assembler modules.
2007-07-13 17:42:13 +00:00
Andy Polyakov
e1612ea59d
Add _x86_64_AES_[en|de]crypt_compact.
2007-07-13 17:39:40 +00:00
Dr. Stephen Henson
9677bf0f30
Update .cvsignore
2007-06-18 12:40:24 +00:00
Andy Polyakov
f20af72312
AES_set_[en|de]crypt_key for ARMv4.
2007-05-30 15:57:31 +00:00
Andy Polyakov
7ef643360d
s390x gas can't handle .align 128.
2007-05-28 16:32:50 +00:00
Andy Polyakov
76c828c627
AES_set_[en|de]crypt_key for s390x.
2007-05-28 16:30:18 +00:00
Andy Polyakov
86d8f3ee19
Typo in aes-ppc.pl.
2007-05-19 20:00:33 +00:00
Andy Polyakov
9c200f5471
Initial draft of AES for PPC.
2007-05-19 17:16:27 +00:00
Dr. Stephen Henson
9660cbcd6b
Change C++ style comments.
2007-05-15 23:50:55 +00:00
Ben Laurie
69ab085290
More IGE speedup.
2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2
AES IGE mode speedup.
2007-05-13 12:57:59 +00:00
Andy Polyakov
3f6916cf29
Fix bug introduced in cn#16195.
2007-05-03 09:12:47 +00:00
Andy Polyakov
a4470ae7b2
Fine reading of manual suggests that km can return non-normal completion code.
2007-05-03 07:26:27 +00:00
Andy Polyakov
251718e4c1
Fix s390x bugs and correct performance coefficients.
2007-05-02 11:44:02 +00:00
Andy Polyakov
b900df5258
Engage s390x assembler modules.
2007-04-30 09:22:27 +00:00
Andy Polyakov
a2a54ffc5f
s390x assembler pack.
2007-04-30 08:42:54 +00:00
Ben Laurie
f6301f6888
Avoid overrun. Coverity ID 60.
2007-04-05 15:45:58 +00:00
Andy Polyakov
82686bdcaa
Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in
...
assembler.
2007-01-25 20:47:00 +00:00
Andy Polyakov
14b1d089b6
Minor touch to aes-armv4.pl.
2007-01-25 11:28:07 +00:00
Andy Polyakov
a296239bdd
AES for ARMv4.
2007-01-25 10:44:48 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Andy Polyakov
591e85e928
Linking errors on IA64 and typo in aes-ia64.S.
2006-10-17 06:41:27 +00:00
Andy Polyakov
3a8012cbf2
Improve 386 portability of aes-586.pl.
2006-09-18 19:13:15 +00:00
Andy Polyakov
2b8a5406f9
Fix bug in aes-586.pl.
2006-08-31 21:15:38 +00:00
Dr. Stephen Henson
02c9b66a6c
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
...
pedantic mode.
2006-08-31 20:56:20 +00:00
Ben Laurie
aa6d1a0c19
Forward port of IGE mode.
2006-08-31 14:04:04 +00:00
Andy Polyakov
6c69aa532e
Revised AES_cbc_encrypt in x86 assembler module.
2006-08-07 09:05:52 +00:00
Andy Polyakov
fc92414273
Agressively prefetch S-box in SSE codepatch, relax alignment requirement,
...
check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor
optimization, typos...
2006-08-02 22:38:16 +00:00
Andy Polyakov
53154d71c3
Switch to compact S-box when generating AES key schedule.
2006-08-02 07:46:56 +00:00
Andy Polyakov
8cebec9802
Switch to compact S-box when generating AES key schedule.
2006-08-01 22:10:39 +00:00
Andy Polyakov
22c268e6c9
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
...
256 byte S-box. AES_cbc_encrypt needs further work as it should also use
slow routines when processing smaller amount of data.
2006-07-31 20:03:56 +00:00
Andy Polyakov
af8c1d81a3
Reimplement outer rounds as "compact" in x86 assembler. This has rather
...
strong impact on decrypt performance, 20-25%. One probably should consider
switching between slower and faster routines depending on how much data
we were asked to process.
2006-07-18 10:05:38 +00:00
Andy Polyakov
dff2922aa7
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are
...
those referencing compact, 256-byte, S-boxes.
2006-07-14 09:57:55 +00:00
Andy Polyakov
86bdc0a3ee
Fix compiler warnings.
2006-07-04 20:29:50 +00:00
Andy Polyakov
9c62bca11a
Prepare playground for AES experimental code.
2006-07-02 09:18:00 +00:00
Andy Polyakov
985e4c4154
Mitigate the hazard of cache-collision timing attack on last round. The
...
only chance for T[ed]4 to get evicted in this module is when its cache
"overlaps" with last 128 bits of key schedule.
2006-06-28 08:52:16 +00:00
Andy Polyakov
9598fa8759
Mitigate the hazard of cache-collision timing attack on last round. Well,
...
prefetch could have been moved closer to Td4 references. Something for
later consideration...
2006-06-28 08:48:54 +00:00
Andy Polyakov
ac8173515a
Mitigate cache-collision timing attack on last round.
2006-06-28 08:39:06 +00:00
Andy Polyakov
8fecd4b4f1
Sync aes.h with http://cvs.openssl.org/chngview?cn=15336 .
2006-06-05 10:43:41 +00:00
Andy Polyakov
41fc5f2dbe
Reimplement AES_ofb128_encrypt.
2006-06-05 10:40:54 +00:00
Andy Polyakov
bcfd3d68f5
Correct logical error in STRICT_ALIGNMENT check and remove copy of
...
eay licence, as module is practically rewritten from scratch [well,
even original submission was obviously "almost, but not quite,
entirely unlike" any other eay *_cfb.c module, not to mention new
functions].
2006-06-05 10:40:28 +00:00
Andy Polyakov
21f0db692d
Tune up AES CFB. Performance improvement varies from 10% to 50% from
...
platform to platform. Its absolute value is within few percents
marginal from that of ECB.
2006-05-30 07:20:13 +00:00
Nils Larsch
49c5f38d3d
undo accidental commit
2006-04-20 13:54:34 +00:00
Nils Larsch
f8296228f1
as we encrypt every bit separately we need to loop through the number
...
of bits; thanks to Michael McDougall <mmcdouga@saul.cis.upenn.edu>
PR: 1318
2006-04-20 13:11:52 +00:00
Andy Polyakov
35e00cc2d8
Minor aes-sparcv9.pl optimization.
2005-12-10 12:32:22 +00:00
Andy Polyakov
064f6cb6f2
Engage AES for UltraSPARC in sparcv9 targets.
2005-12-10 11:24:07 +00:00
Andy Polyakov
20ab8b4b41
Revoke the option to share AES S-boxes between C and assembler. It wastes
...
space, but gives total flexibility [back].
2005-12-10 11:22:57 +00:00
Andy Polyakov
7395d852c3
Initial draft for AES for UltraSPARC assembler.
2005-12-10 11:19:56 +00:00
Andy Polyakov
b2be099d16
Fix #if _MSC_VER clause in aes_locl.h
2005-07-30 19:42:50 +00:00
Andy Polyakov
0066590f98
Pedantic polish to aes-ia64 and sha512-ia64.
2005-07-20 15:15:22 +00:00
Andy Polyakov
b3f56e8b38
Typo in version number.
2005-07-20 11:11:14 +00:00
Andy Polyakov
5826e4f481
Perl stylistic/cosmetic update for aes-x86_64.pl.
2005-07-20 11:09:02 +00:00
Andy Polyakov
ef428d5681
Fix unwind directives in IA-64 assembler modules. This helps symbolic
...
debugging and doesn't affect functionality.
Submitted by: David Mosberger
Obtained from: http://www.hpl.hp.com/research/linux/crypto/
2005-07-18 09:54:14 +00:00
Andy Polyakov
afbe674edb
~15% better AES x86_64 assembler.
2005-07-18 09:15:04 +00:00
Andy Polyakov
b4f5e5c959
Commentary section update.
2005-07-14 13:16:31 +00:00
Andy Polyakov
d85185217b
AES x86_64 assembler implementation.
2005-07-12 15:44:58 +00:00
Andy Polyakov
4e28f13209
Pedantic polish to aes-586.pl:-)
2005-07-01 10:13:30 +00:00
Andy Polyakov
53a20bfd94
Typos in commentary section.
2005-06-30 22:09:03 +00:00
Andy Polyakov
a28062338c
AES_cbc_encrypt to allow end-user to retain small blocks performance by
...
aligning the key schedule in a specific manner.
2005-06-30 22:06:35 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Bodo Möller
10cde5010d
make update
2005-05-16 00:27:37 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Andy Polyakov
e19e549041
Comply with optimization manual (no data should share cache-line with code).
2005-05-09 21:48:01 +00:00
Andy Polyakov
57ee007035
Fix constants.
...
PR: 1059
2005-05-07 08:11:50 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Andy Polyakov
3d5fd31280
Avoid L1 cache aliasing even between key and S-boxes.
2005-04-24 21:09:20 +00:00
Andy Polyakov
04d0d0accf
Avoid aliasing between stack frames and S-boxes. Compress prefetch code.
2005-04-22 11:49:32 +00:00
Andy Polyakov
c8d5c71af5
Mitigate cache-timing attack in CBC mode. This is done by implementing
...
compressed tables (2x compression factor) and by pre-fetching them into
processor cache prior every CBC en-/decryption pass. One can argue why
just CBC? Well, it's commonly used mode in real-life applications and
API allows us to amortize the prefetch costs for larger data chunks...
2005-04-16 15:23:21 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ulf Möller
8d274837e5
fix breakage for Perl versions that do boolean operations on long words
2005-03-19 11:13:30 +00:00
Andy Polyakov
67ea999d4a
This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF
...
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
2005-02-06 13:23:34 +00:00
Andy Polyakov
fbdce13e5a
Please BSD make...
2005-01-25 22:09:11 +00:00
Andy Polyakov
8359421d90
Default to AES u32 being unsinged int and not long. This improves cache
...
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
2005-01-24 14:22:05 +00:00
Andy Polyakov
efde5230f1
Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for
...
hand-coded zero-copy AES_cbc_encrypt.
2005-01-24 14:14:53 +00:00
Andy Polyakov
bac252a5e3
Bug-fix in CBC encrypt tail processing and commentary section update.
2005-01-20 10:33:37 +00:00
Andy Polyakov
addb6e16a8
Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.
2005-01-18 01:04:41 +00:00
Andy Polyakov
ed65fab910
Reserve for AES CBC assembler implementation...
2005-01-18 00:43:32 +00:00
Andy Polyakov
90cc40911b
Don't zap AES CBC IV, when decrypting truncated content in place.
2005-01-18 00:26:52 +00:00
Andy Polyakov
e7e1150706
"Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better
...
performance on recent microarchitectures.
2005-01-13 15:35:44 +00:00
Andy Polyakov
7de4b5b060
Permit "monolithic" AES assembler implementations, i.e. such which would
...
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
2005-01-09 16:01:58 +00:00
Andy Polyakov
25866e3982
Commentary update for AES IA-64 assembler module.
2004-12-30 10:55:02 +00:00
Andy Polyakov
3b3df98ca6
Minor AES x86 assembler tune-up.
2004-12-30 10:46:03 +00:00
Andy Polyakov
2e4a99f38b
AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
...
performance, but anyway...
2004-12-30 10:43:33 +00:00
Andy Polyakov
f1ce306f30
Oops-kind typos in aes-ia64.S...
2004-12-28 17:10:42 +00:00
Richard Levitte
37b11ca78e
iv needs to be const because it sometimes takes it's value from a
...
const.
2004-12-28 10:35:13 +00:00
Andy Polyakov
9850f7f6b2
Remove yet another redundant memcpy. Not at least performance critical,
...
essentially cosmetic modification...
2004-12-26 13:05:40 +00:00
Andy Polyakov
131e064e4a
Eliminate redundant memcpy of IV material. Performance improvement varies
...
from platform to platform and can be as large as 20%.
2004-12-26 12:31:37 +00:00
Andy Polyakov
556b8f3f77
Engage AES x86 assembler module for COFF and a.out targets.
2004-12-26 10:58:39 +00:00
Andy Polyakov
045d3285e2
Engage AES x86 assembler module on ELF platforms.
2004-12-23 21:44:28 +00:00
Andy Polyakov
25558bf743
Eliminate copies of TeN and TdN, use those found in assembler module.
2004-12-23 21:40:23 +00:00
Andy Polyakov
713147109c
AES x86 assembler implementation.
2004-12-23 21:32:34 +00:00
Richard Levitte
fbf218b8c3
make update (oops, missed this file)
2004-12-13 22:57:39 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Richard Levitte
1a4b8e7cee
Make sure memmove() is defined, even on SunOS 4.1.4.
...
PR: 963
2004-11-01 07:58:38 +00:00
Andy Polyakov
14fa6ad9f9
Make aes_ctr.c 64-bit savvy.
2004-08-23 22:19:51 +00:00
Andy Polyakov
33c3ecf741
Build-n-link new IA-64 modules on Linux and HP-UX.
2004-07-23 23:27:10 +00:00
Andy Polyakov
5bd4c26057
Various IA-64 assembler fix-ups.
2004-07-23 22:54:18 +00:00
Andy Polyakov
859ceeeb51
Anchor AES and SHA-256/-512 assembler from C.
2004-07-18 17:26:01 +00:00
Andy Polyakov
d0590fe6b2
Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes.
...
I also used this opportunity to clean up some out-of-date targets and
re-group targets by OS.
2004-07-18 16:19:34 +00:00
Andy Polyakov
2232b10f5a
Add licensing terms.
2004-07-17 13:24:58 +00:00
Andy Polyakov
e34794dd1b
IA-64 is intolerant to misaligned access. It was a problem on Win64 as
...
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.
2004-07-17 12:55:55 +00:00
Andy Polyakov
51ce5230cd
AES assembler implementation for IA-64. Note that there is no anchor from
...
C code yet...
2004-07-01 11:15:23 +00:00
Richard Levitte
8d1ebe0bd1
Add the missing parts for DES CFB1 and CFB8.
...
Add the corresponding AES parts while I'm at it.
make update
2004-01-28 19:05:35 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
4e952ae4fc
Removing those memcpy()s also took away the possibility for in and out to
...
be the same. Therefore, the removed memcpy()s need to be restored.
2003-10-29 06:21:22 +00:00
Richard Levitte
0b6956b474
Correct serious bug in AES-CBC decryption when the message length isn't
...
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().
The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.
2003-10-15 09:00:14 +00:00
Richard Levitte
61f00386ab
The counter is big-endian. Since it comes as an array of char,
...
there's absolutely no need to special-case it on little-endian
machines.
Notified by Thierry Boivin <Thierry.Boivin@celsecat.com>
2003-07-04 11:37:50 +00:00
Richard Levitte
2ae0352b0f
Oops, I forgot to replace 'counter' with 'ivec' when used...
2003-07-03 20:50:44 +00:00
Richard Levitte
da6c44fc97
The 'counter' is really the IV.
2003-07-03 06:42:43 +00:00
Richard Levitte
da0d33560f
Change AES-CTR to increment the IV by 1 instead of 2^64.
2003-07-03 06:41:30 +00:00
Richard Levitte
55b12f8641
The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
2003-06-10 04:11:42 +00:00
Richard Levitte
940767b03f
Make sure we get the definition of OPENSSL_NO_AES.
2003-03-20 23:15:51 +00:00
Andy Polyakov
97e6bf6b22
Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5.
2003-01-23 10:05:39 +00:00
Richard Levitte
aa18245f7e
Make AES_ENCRYPT and AES_DECRYPT macros instead of static constants.
...
PR: 411
2002-12-20 18:21:35 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Richard Levitte
c863201780
Remove warnings.
2002-11-14 15:57:38 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
b6fee5c2fb
disable weird assert()s
2002-11-13 14:01:34 +00:00
Richard Levitte
69ce48c307
Make the CBC mode od AES accept lengths that aren't multiples of 16.
...
PR: 330
2002-11-12 11:00:25 +00:00
Richard Levitte
4006c56036
Add more commentary. Check that *num is smaller than the block size.
2002-10-11 22:42:34 +00:00
Richard Levitte
1729588435
The AES CTR API was buggy, we need to save the encrypted counter as well
...
between calls, or that will be lost if it returned with *num non-zero.
2002-10-11 22:37:29 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
c4c2c61e8c
always include <string.h> (we do this in various other header files,
...
so it can't be bad)
PR: 102
2002-06-18 09:35:43 +00:00
Richard Levitte
09c70c3261
In CFB mode, the iv is always encrypted.
2002-05-31 13:07:39 +00:00
Richard Levitte
dbdc5d14d3
Correct AES counter mode, which incorrectly incremented the counter before
...
using it.
PR: 56
2002-05-30 14:06:06 +00:00
Richard Levitte
3adb8c3854
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
2002-02-20 11:43:40 +00:00
Geoff Thorpe
5b2d6ff07e
make update
2002-02-20 08:33:55 +00:00
Richard Levitte
97879bcd57
Add the modes OFB128, CFB128 and CTR128 to AES.
...
Submitted by Stephen Sprunk <stephen@sprunk.org>
2002-02-16 12:20:34 +00:00
Richard Levitte
f6fbd470e3
It looks like I didn't remove everything that has to do with the
...
non-existant aestest.c.
2002-01-26 04:45:37 +00:00
Richard Levitte
72165799a8
There is no aestest currently. The EVP tester is used to check the
...
AES algorithm.
2002-01-25 07:52:25 +00:00
Ben Laurie
9dd5ae6553
Constification, add config to /dev/crypto.
2002-01-18 16:51:05 +00:00
Geoff Thorpe
e4dd79bbc8
- Add the same header stuff to aes_locl.h as is in des_locl.h to avoid
...
undefined functions (memset, etc).
- Put a .cvsignore in the aes directory too.
2002-01-05 12:55:08 +00:00
Richard Levitte
6f9079fd50
Because Rijndael is more known as AES, use crypto/aes instead of
...
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00